From d471eb69c0ca36ed06f27136caaffb9e346675f7 Mon Sep 17 00:00:00 2001
From: acsbendi <acsbendi28@gmail.com>
Date: Wed, 24 Jul 2019 19:47:39 +0200
Subject: [PATCH] For EC2 requests, AuthFailure should be raised instead of
 SignatureDoesNotMatch.

---
 moto/core/authentication.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/moto/core/authentication.py b/moto/core/authentication.py
index 355b666e..df7d1bf3 100644
--- a/moto/core/authentication.py
+++ b/moto/core/authentication.py
@@ -146,7 +146,7 @@ class IAMRequestBase(object):
         original_signature = self._get_string_between('Signature=', ',', self._headers['Authorization'])
         calculated_signature = self._calculate_signature()
         if original_signature != calculated_signature:
-            raise SignatureDoesNotMatchError()
+            self._raise_signature_does_not_match()
 
     def check_action_permitted(self):
         policies = self._access_key.collect_policies()
@@ -163,6 +163,12 @@ class IAMRequestBase(object):
         if not permitted:
             self._raise_access_denied()
 
+    def _raise_signature_does_not_match(self):
+        if self._service == "ec2":
+            raise AuthFailureError()
+        else:
+            raise SignatureDoesNotMatchError()
+
     @abstractmethod
     def _raise_access_denied(self):
         raise NotImplementedError()